Techdirt. Stories filed under "snooper's charter"
Easily digestible tech news...
https://www.techdirt.com/

Parliament Passes Snooper's Charter, Opens Up Citizens To Whole New Levels Of Domestic Surveillance
Tim Cushing, Thu, 17 Nov 2016 10:51:45 PST
https://www.techdirt.com/articles/20161117/07202536067/parliament-passes-snoopers-charter-opens-up-citizens-to-whole-new-levels-domestic-surviellance.shtml

Despite loudly, and repeatedly, raised concerns from activists and members of Parliament, the UK's Snooper's Charter (a.k.a., Investigatory Powers bill [PDF]) has been passed by both parliamentary houses and only needs the formality of the royal signature to make it official.

The list of new powers doesn't end with these. UK intelligence agencies are also given permission to perform "electronic interference" -- hack into computers and electronic devices belonging to UK citizens, not just individually, but in bulk. It also codifies secret (and illegal) surveillance of UK citizens that the country's intelligence agencies have engaged in for years without proper authority or oversight.

The government, of course, is trying to portray this as nothing more than a fine tuning of preexisting laws, specifically the Regulation of Investigatory Powers Act (RIPA). Glossed over in its perfunctory "nothing to see here" explanation is the fact that RIPA was also rushed into existence to codify other secret and illegal surveillance programs.

But it's no ordinary update of existing investigatory laws. Jim Killock of the Open Rights Group calls the Snooper's Charter "the most extreme surveillance law ever passed in a democracy." Thanks to the new powers, UK intelligence agencies should be able to put together very extensive dossiers on pretty much anyone they feel like.

This is the collection of Internet Connection Records (ICRs)—a record of which services every citizen is connecting to, logged in real-time. This unprecedented level of micro-surveillance is accompanied by a machine to make sense of the mass of data, called a ‘Filter’, but is in essence, a search engine. It can match these ICRs with your mobile phone location data and call histories. It can, we believe, be used to profile the social relationships and the sexual and political activities of every U.K. citizen.

Beyond the expansion of law enforcement and surveillance powers is the precedent set by the government in its continual codification of secret surveillance programs. Like RIPA before it, the new law sends a message to intelligence and law enforcement agencies that all misdeeds will ultimately be legislatively forgiven by their overseers. Agencies are implicitly invited to hide programs from overseers and explore new collection techniques without running them past anyone else in the government first. And years later, it will all be papered over by "updated laws."

This is also good news for other Five Eyes surveillance partners. The NSA and GCHQ's information sharing partnership means the US agency now has access to even more data on British citizens. Almost anything GCHQ can acquire, the NSA can access. And now GCHQ can access more than ever.

surfing the internet with The Man

EU Court Of Justice Advisor Suggests UK's Last Surveillance Bill May Be Legal, But Hints That The New One Might Not Be
Mike Masnick, Wed, 20 Jul 2016 13:15:28 PDT
https://www.techdirt.com/articles/20160720/01225435017/eu-court-justice-advisor-suggests-uks-last-surveillance-bill-may-be-legal-hints-that-new-one-might-not-be.shtml

rushed through the UK Parliament almost exactly two years ago. The law was challenged by a group made up of cross-party Parliament Members, and the Advocate General has sort of punted on the issue. If you don't recall, the Advocate General's role in the EU Court of Justice is basically to make a recommendation for the actual rulings. The court doesn't have to (and doesn't always) follow the Advocate General's suggestion, but does so often enough that the opinions certainly carry a lot of weight and suggest what's likely to happen. In this case, the opinion stated that, even though the court had previously rejected the EU-wide Data Retention Directive as intruding on privacy -- the UK's data retention law might be okay.

The opinion basically says some data retention laws may be okay if the powers are "circumscribed by strict safeguards" set up by the national courts.

Of course, the timing on this is important, given that the UK is (1) eagerly trying to push through its new surveillance law, the Investigatory Powers Bill which was (2) championed by then Home Secretary Theresa May as a necessary surveillance tool -- and May is now the Prime Minister due to a series of issues in the UK you may have heard about lately. And some folks who are trying to read the tea leaves of the Advocate General's opinion are suggesting that it may actually hint that while the old DRIPA might possibly be okay, the new Investigatory Powers bill probably is not. Of course, a lot of this depends on how you read the opinion and how certain key phrases are interpreted.

Many of those responding to Tuesday's opinion emphasised the main finding that "solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not."

Basically, it appears that while it may be possible to twist DRIPA into shape so that it's not violating the court's required safeguards, the same cannot be said for the new bill. Whether or not that actually stops forward progress on that bill is another story altogether. And, of course, if the UK really is going to go through with its plan to leave the EU entirely, none of this may matter at all. Well, except for the privacy of everyone in the UK.

reading-the-tea-leaves

UK Parliament Ignores Concerns; Moves Snooper's Charter Forward
Mike Masnick, Wed, 8 Jun 2016 23:23:00 PDT
https://www.techdirt.com/articles/20160608/11432334659/uk-parliament-ignores-concerns-moves-snoopers-charter-forward.shtml

the UK's House of Commons overwhelmingly voted in support of the Snooper's Charter, officially known as the Investigatory Powers Bill. As we've discussed, this is a dangerous bill that will give the UK government significantly more surveillance powers (or, in many cases, will "authorize" things that the UK government has already been doing on dubious legal authority), with little to no real oversight. And despite people being upset about it, it still was approved by a vote of 444 to 69. And, yes, the current version of the bill still asks for backdoors to encryption, but leaves a vague exemption if a company claims that it would not be feasible or would be too expensive. That's better than the alternative, but it's still a step in the wrong direction. The bill still needs to be considered by the House of Lords, but it's disappointing that the House of Commons seemed so willing to cave to demands for more surveillance powers.

sad

UK Government Pushes Forward With Insane Snooper's Charter, Despite Widespread Concerns
Mike Masnick, Fri, 18 Mar 2016 18:18:00 PDT
https://www.techdirt.com/articles/20160317/18084133941/uk-government-pushes-forward-with-insane-snoopers-charter-despite-widespread-concerns.shtml

enact its "Snooper's Charter" law, officially the Investigatory Powers Bill, which would give the government much greater surveillance capabilities. Right after last year's election, Prime Minister David Cameron and Home Office Secretary Theresa May made it clear that they were going to go full Orwell, and do whatever possible to grant themselves greater powers to spy on everyone. As more concerns were raised, we noted that the government pretended to back down, while still including all the bad stuff people predicted.

As more and more complaints about the bill were raised, we noted May decided to try to rush the bill through, along with a healthy dose of "if you don't do this we're all going to die!" FUD. That included releasing a new draft of the bill, which pretended to address the privacy concerns people raised, but which did so basically by just adding the word "privacy" to a heading and making no substantive changes to protect privacy at all (and possibly changes that made things worse).

At present the draft law fails to meet international standards for surveillance powers. It requires significant revisions to do so.

First, a law that gives public authorities generalised access to electronic communications contents compromises the essence of the fundamental right to privacy and may be illegal. The investigatory powers bill does this with its “bulk interception warrants” and “bulk equipment interference warrants”.

Second, international standards require that interception authorisations identify a specific target – a person or premises – for surveillance. The investigatory powers bill also fails this standard because it allows “targeted interception warrants” to apply to groups or persons, organisations, or premises.

Third, those who authorise interceptions should be able to verify a “reasonable suspicion” on the basis of a factual case. The investigatory powers bill does not mention “reasonable suspicion” – or even suspects – and there is no need to demonstrate criminal involvement or a threat to national security.

These are international standards found in judgments of the European court of justice and the European court of human rights, and in the recent opinion of the UN special rapporteur for the right to privacy. At present the bill fails to meet these standards – the law is unfit for purpose.

On Tuesday, the House of Commons had its "Second Reading" of the bill, and the debate about it allowed some to raise concerns, but with various parties deciding to abstain from voting, rather than vote against it, the bill moved forward easily (it'll come back to Parliament after the House of Lords goes through the bill). Even worse, the main "opposition" to the bill was not that strongly raised:

Andy Burnham, former Home Office minister, stood to offer the Labour party's official perspective. If there is substantive opposition to the contents of the IP Bill within the Labour party - and I know there is from MPs like Tom Watson and David Winnick - then there was little evidence of it from Mr Burnham's contribution to the debate. He opened by trotting out the dire need to combat the four horsemen of the infocalypse and the false and distorting 'balance security with privacy' dichotomy. From those foundations he was highly unlikely to get anywhere enlightened.

While we're fighting against backdoors and for encryption here in the US, it looks like the UK government is potentially moving very much in the other direction.

concerns-can-be-ignored-when-you're-in-power

Sensing Public Support Waning, UK Fast Tracks Snooper's Charter
Mike Masnick, Tue, 1 Mar 2016 03:24:00 PST
https://www.techdirt.com/articles/20160229/11073233760/sensing-public-support-waning-uk-fast-tracks-snoopers-charter.shtml

Snooper's Charter that would increase surveillance powers greatly in the UK. There's been a growing amount of criticism of the plan in the UK, so rather than respond to it, May has simply moved to fast track the bill, officially called the Investigatory Powers Bill. The bill will officially be "published" today on March 1, and then will likely be voted on before the end of April.

Of course, this seems like standard operating procedures these days. Two years ago, the UK government did the same thing with its data retention bill. It's almost as if the UK government would prefer cutting off debate on these issues, and just rushing through much greater surveillance powers for the government.

get-the-damn-thing-through-and-then-spy-on-everyone

What's The Difference Between 'Mass Surveillance' And 'Bulk Collection'? Does It Matter?
Glyn Moody, Wed, 20 Jan 2016 03:23:00 PST
https://www.techdirt.com/articles/20160115/09582933351/whats-difference-between-mass-surveillance-bulk-collection-does-it-matter.shtml

As numerous Techdirt stories make clear, the particular words used to describe something can make a big difference in how it is perceived. For example, intelligence agencies like to avoid the use of the bad-sounding "mass surveillance," with its Orwellian overtones, and prefer to talk about "bulk collection," which can be presented as some kind of cool big data project. No one is more vociferous in insisting that they are not engaged in mass surveillance, but merely bulk collection, than the UK's Home Secretary, Theresa May. She was pushing that line again last week, during a grilling by a UK Parliamentary committee about her proposed Snooper's Charter. As BBC News reported:

She said the security minister, John Hayes, had written to the committee of MPs and peers scrutinising the draft bill to give the reasons why the government did not want to reveal the kinds of data investigators were accessing.

She insisted the practice -- and the sweeping up by the security services of large quantities of internet traffic passing through the UK -- did not amount to "mass surveillance" as civil liberties campaigners claim.

"The UK does not undertake mass surveillance," she told the committee.

Given what we know that GCHQ is already doing, and adding in what the UK government says it wants to do, that seems an absurd thing to say. But Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law at the UK's University of East Anglia, thinks that there is more to this than meets the eye:

Precisely what constitutes surveillance is far from agreed. In the context of the internet (and other digital data surveillance) there are, very broadly speaking, three stages: the gathering or collecting of data, the automated analysis of the data (including algorithmic filtering), and then the 'human' examination of the results of that analysis of filtering. This is where the difference lies: privacy advocates and others might argue that the 'surveillance' happens at the first stage -- when the data is gathered or collected -- while Theresa May, [former GCHQ director] David Omand and those who work for them would be more likely to argue that it happens at the third stage -- when human beings are involved.

If surveillance occurs through the act of gathering personal data on a large scale, then clearly what the UK government does (and wants to do more of) is mass surveillance. But if surveillance only takes place once a human operator looks at some of the gathered data, then Theresa May can plausibly argue that what the UK government is engaged in is not mass surveillance, because relatively little personal data is scrutinized in this way. So the question then becomes: at what point is it most appropriate to say that surveillance has occurred? Bernal offers a helpful analogy. What the UK government wants to do with the Snooper's Charter would be like:

installing a camera in every room of every house in the UK, turning that camera on, having the footage recorded and stored for a year -- but having police officers only look at limited amounts of the footage and only when they feel they really need to.

Does the surveillance happen when the cameras are installed? When they’re turned on? When the footage is stored? When it’s filtered? Or when the police officers actually look at it.

Most people would probably find the automated video recording of everything they did in the privacy of their own home intrusive, and clearly a form of surveillance, even if it was unlikely the footage would ever be seen by a human being. And in Europe, the question has already been settled by the courts:

Privacy invasion occurs when the camera is installed and the capability of looking at the footage is enabled. That’s been consistently shown by recent rulings at both the Court of Justice of the European Union and of the European Court of Human Rights. Whether it is called ‘surveillance’ or something else, it invades privacy -- which is a fundamental right. That doesn’t mean that it is automatically wrong -- but that the balancing act between the rights of privacy (and freedom of expression, of assembly and association etc that are protected by that privacy) and the need for 'security' needs to be considered at the gathering stage, and not just at the stage when people look at the data.

That's important, because it is precisely this issue that the courts will have to consider when the inevitable legal challenges are brought against the UK's Snooper's Charter once some version of it becomes law. In the end, whether the Home Secretary thinks what she is doing is mass surveillance or merely bulk collection is irrelevant -- the UK and EU courts will be the ones that decide whether it's allowed.

words,-words,-words

UK Home Secretary Wants Everyone's Metadata; But If You Ask For Hers, Gov't Says You're Being Vexatious
Mike Masnick, Tue, 29 Dec 2015 08:29:41 PST
https://www.techdirt.com/articles/20151228/17384133179/uk-home-secretary-wants-everyones-metadata-if-you-ask-hers-govt-says-youre-being-vexatious.shtml

Theresa May, the UK Home Secretary who seems like a comic book version of a government authoritarian, is leading the charge in the UK for its new Snooper's Charter, officially called the "Investigatory Powers Bill," that is filled with all kinds of nasty stuff for making it easier for the government to spy on everyone. Among the many problematic elements is the demand for basically everyone's metadata. May dismissed the concerns about this by saying it's nothing more than "an itemised phone bill." Given that, Member of Parliament Keith Vaz noted to May that people might be interested to see May's itemized phone bill.

Soon after that, we noted that UK resident Chris Gilmour sent in a FOIA request for May's metadata. Specifically, he asked for the following:

1) The date, time, and recipient of every email sent by the Home Secretary during October 2015.

2) The date, time, and sender of every email received by the Home Secretary during October 2015.

3) The date, time, and recipient of every internet telephony call (e.g. "Skype" call) made by the Home Secretary during October 2015.

4) The date, time, and sender of every internet telephony call (e.g. "Skype" call) received by the Home Secretary during October 2015.

5) The date, time, and domain address of every website visited by the Home Secretary during October 2015.

Not surprisingly, it appears he was not the only one to do so. UK newspaper The Independent sent in a FOIA request asking for:

... the web browser history of all web browsers on the Home Secretary Theresa May's GSI network account for the week beginning Monday 26 October. Feel free to redact any web addresses relating to security matters.

There may be other such requests as well -- but both of these requests got back the same basic response from the UK government. In both cases, the government rejected the requests, claiming they were "vexatious." Here's the response to Gilmour's:

We have considered your requests and we believe them to be vexatious. Section 14(1) of
the Act provides that the Home Office is not obliged to comply with a request for
information of this nature. We have decided that your request is vexatious because it
places an unreasonable burden on the department, because it has adopted a scattergun
approach and seems solely designed for the purpose of ‘fishing’ for information without
any idea of what might be revealed.

While the Government is widening its own powers to access the information of citizens, it is watering down the public’s right to access the Government’s information.

Either way, there seems to be a legitimate question to ask Theresa May: if there's no big deal about having the government go through your metadata and it's "just like an itemised phone bill," then why is it so "vexatious" for the public to ask for May's metadata?

funny how that works

UK's Snooper's Charter Hands Over Access To User Data To Several Non-Law Enforcement Agencies
Tim Cushing, Tue, 1 Dec 2015 03:15:00 PST
https://www.techdirt.com/articles/20151126/07415632909/uks-snoopers-charter-hands-over-access-to-user-data-to-several-non-law-enforcement-agencies.shtml

The UK's "Snooper's Charter" was already terrible. The draft bill, finally released earlier this month, confirmed the UK government would be mandating encryption backdoors and requiring the retention of citizens' web browsing history. On top of that, the bill confirmed dragnet surveillance by UK agencies was already in place (unbeknownst to its "oversight") and, in fact, is looking to legalize the snooping after the fact.

The Investigatory Powers Act, as can be inferred by its name, would obviously allow any number of intelligence and law enforcement agencies to access the data and communications retained by ISPs. But it's not just GCHQ, MI6 and various police forces being granted access to UK internet users' web browsing history. As Joseph Cox at Motherboard points out, it's also several agencies with seemingly no need for additional access to communications data.

On page 210 of the draft Investigatory Powers Bill, a planned piece of UK surveillance legislation that was announced earlier this month, is a table of “relevant public authorities.” These authorities would “have the power to obtain communications data,” according to a briefing paper on the Bill.

As you might expect, the list includes various police forces, the Secret Intelligence Service (MI6), the UK's signals intelligence agency GCHQ, and the Ministry of Defence. However, it also includes agencies such as the Department of Health, the Department for Work and Pensions, and the Department for Transport, whose need for such surveillance data is less obviously clear.

Despite the parade of child-murdering, drug-dealing, criminal-masterminding horrors that serve as slightly-less-dry interludes to the bill's text, access to "all" retained data will be provided to a long list of mundane regulatory agencies, presumably for the sake of the children.

Her Majesty’s Revenue and Customs

Department for Transport

Department of Enterprise, Trade and Investment in Northern Ireland

A fire and rescue authority under the Fire and Rescue Services Act 2004

Most of these agencies are granted access to all "communications data." The justification for this is laid out in the table starting on page 210 of the pdf, with most of these agencies utilizing Section 46(7)(b) ("for the purpose of preventing or detecting a crime or of preventing disorder").

But the bill contains several other justifications for the obtaining of user data, not all of which seem severe enough to warrant special legislation -- like "collecting any tax, duty, levy or other imposition" or "exercising functions relating to financial stability."

Not exactly the terrorist-hunting, child kidnapper-finding wonderbill it's being depicted as -- often in its own pages. Worse, the stuff authorized here is already in place and has already been used. Jim Killock, executive director of the Open Rights Group:

“This is already happening under RIPA—there were around half a million data requests made last year. Many of these were by the police but also by organisations such as Royal Mail, the Department of Work and Pensions, and local authorities.” RIPA, or the Regulation of Investigatory Powers Act 2000, is another controversial piece of UK surveillance legislation.

In other words, the new bill is codification redundancy. The UK government is hoping to ensure the snooping it's been doing for years, via a variety of agencies, will be solidly in place for years to come.

ALL-ACCESS-PASS

UK ISP Boss Highlights Technical Stupidity Of The Snooper's Charter Proposal
Mike Masnick, Mon, 30 Nov 2015 11:38:37 PST
https://www.techdirt.com/articles/20151128/00573032936/uk-isp-boss-highlights-technical-stupidity-snoopers-charter-proposal.shtml

"golden keys" for encryption that somehow wouldn't be "backdoors" (even though they are). Over in the UK, they're going through something similar with the current "debate" (if you can call it that) over the latest Snooper's Charter bill, officially known as the "Investigatory Powers Bill" or the "IPBill."

A key element in the bill is the demand for "internet connection records." The draft bill has a whole section on these "ICRs" which it defines as:

A kind of communications data, an ICR is a record of the internet services a specific
device has connected to, such as a website or instant messaging application. It is captured
by the company providing access to the internet. Where available, this data may be
acquired from CSPs by law enforcement and the security and intelligence agencies.

An ICR is not a person’s full internet browsing history. It is a record of the services
that they have connected to, which can provide vital investigative leads. It would not reveal
every web page that they visit or anything that they do on that web page.

The explanatory notes, and one of the clauses in the bill, make use of the term “Internet
Connection Record”. We are concerned that this creates the impression that an “Internet
Connection Record” is a real thing, like a “Call Data Record” in telephony.

An ICR does not exist - it is not a real thing in the Internet. At best it may be the collection of, or
subset of, communications data that is retained by an operator subject to a retention order which
has determined on a case by case basis what data the operator shall retain. It will not be the same
for all operators and could be very different indeed.

We would like to see the term removed, or at least the vague and nondescript nature of the
term made very clear in the bill and explanatory notes.

From there, it goes even further, pointing out that the justification for needing these non-existent ICRs was a statement from UK Home Secretary Theresa May about how useful such info would be in finding a missing girl:

"Consider the case of a teenage girl going missing. At present we can ask her mobile provider for
call records before she went missing which could be invaluable to finding her. But for Internet
access, all we get is that the Internet was accessed 300 times. What would be useful would be to
know she accessed twitter just before she went missing in the same way as we could see she
make a phone call"

Except, as Kennard points out, that's not how the internet actually works. You don't "connect" to Twitter like that, because you're constantly connected to Twitter:

...in yesterday’s meeting I, and other ISPA members immediately pointed out the huge flaw
in this argument. If the mobile provider was even able to tell that she had used twitter at all (which
is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a
day, and probably Facebook as well. This is because the very nature of messaging and social
media applications is that they stay connected so that they can quickly alert you to messages,
calls, or amusing cat videos, without any delay.

It should be noted that it is quite valid for a “connection” of some sort to last a long time. The main
protocol used (TCP) can happily have connections for hours, days, months or even years. Some
protocols such as SCTP, and MOSH are designed to keep a single connection active indefinitely
even with changes to IP addresses at each end and changing the means of connection (mobile,
wifi, etc). Given the increasing use of permanent connections on mobile devices, it is easy to see
how more and more applications will use such protocols to stay connected - making one “internet
connection record” which could even have passed the 12 month time limit by the time it is logged.

Connections are also typically encrypted and have some data passing all the time, so it would not
be practical for an ISP, even using deep packet inspection, to indicate that the girl “accessed
twitter” right before she vanished, or even at all (just that there is a twitter app on the phone and
logged in).

This seems like a rather important point: the people who put together the Snooper's Charter for spying on the internet don't seem to understand the first thing about how the internet actually works. And yet we're supposed to give them sweeping powers to spy on it? How does that make any sense?

surveillance-magic

Snooper's Charter May Not 'Increase' Surveillance... But Tries To Legalize Over A Decade Of Secret, Illegal Mass Surveillance
Mike Masnick, Fri, 6 Nov 2015 09:32:10 PST
https://www.techdirt.com/articles/20151106/07204532732/snoopers-charter-may-not-increase-surveillance-tries-to-legalize-over-decade-secret-illegal-mass-surveillance.shtml

Snooper's Charter bill, where we noted that the government spin on it was fairly dizzying. I noted at the time that while the government kept insisting that it wasn't adding a requirement to backdoor encryption, that was misleading because the text of the bill indicated the government believed such a mandate already existed. And that's only the least of it. The bill and the discussion around it simply confirmed that the UK government engaged in mass surveillance for many, many years, and until now only a "tiny handful" of government ministers even knew about it.

That's kind of astounding.

And, amazingly, the government is using this fact to argue that the new bill is a good thing because it actually "limits and restricts" activity that it secretly engaged in for years and years. Everyone feared the "new" powers in the bill. And the astounding thing is that the government is now twisting this to quietly reveal that it secretly and illegally spied on people for years.

The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act.

It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament.

It seems like it took a day or two for people to realize all of this, as everyone was so focused on the "new" powers they expected to be in the bill. It took everyone by surprise to find out that the bill was more about trying to "legitimize" illegal mass surveillance that had been going on without any oversight for over a decade.

UK Releases Snooping Bill, Attempts To Mislead Everyone
Mike Masnick, Wed, 4 Nov 2015 09:34:19 PST
https://www.techdirt.com/articles/20151104/08150232715/uk-releases-snooping-bill-attempts-to-mislead-everyone.shtml

mandate encryption backdoors. The full draft of the bill has been released and the UK government is prattling on about how it doesn't "ban" encryption. But note the subtle difference in language here. No one expected a ban on encryption: they expected backdoors. The bill is actually stupidly vague on this point. Here's what the explanation says about "communication service providers in the UK and overseas."

First it notes that under RIPA (the Regulation of Investigatory Powers Act), "CSPs" are already required to maintain "the ability to remove any encryption applied by the CSP to whom the notice relates." In other words, the government is already claiming mandates to backdoor encryption, and then goes on to note:

The Investigatory Powers Bill will bring together these obligations in a single,
comprehensive piece of legislation. It will provide an explicit obligation on CSPs to assist in
giving effect to equipment interference warrants. Only intercepting agencies will have the
ability to serve such warrants, which must be authorised by the Secretary of State. The
draft Bill will not impose any additional requirements in relation to encryption over and
above the existing obligations in RIPA.

The draft Bill will provide for the Secretary of State to require CSPs to maintain
permanent capabilities relating to the powers under the draft Bill. This will replace the
current obligation to maintain a permanent interception capability and will provide a clear
basis in law for CSPs to maintain infrastructure and facilities to give effect to interception
and other warrants.

The new power will also require CSPs to provide wider assistance to law
enforcement and the security and intelligence agencies in the interests of national security.
This will replace the general power of direction under the Telecommunications Act 1984.
The new power will be subject to strict safeguards that will prevent it from being used to
authorise any activity for the purpose of interference with privacy, such as authorising or
requiring the disclosure of communications data.

So... is that mandating backdoors? It seems pretty likely that the government will use this combination of factors to do exactly that, while claiming that such backdoors are already required under RIPA -- and thus that it's not "expanding" those powers, even as it also says that the new bill requires providing "wider assistance to law enforcement" and "intelligence agencies." The explanation does note that "overseas" companies may have some exceptions, but again it's vague. First it notes that "the draft Bill places the same obligations on all companies providing services to the UK or in control of communications systems in the UK" but then comes the vague exception: "the draft Bill will include explicit provision to take account of any potential conflict of laws that overseas companies may face."

Right. Clears everything up.

Meanwhile the draft bill has tons of other problematic language, including requirements for data retention for your web browsing history. Also, it broadens GCHQ's ability to hack into computers around the globe, with the innocuous sounding phrase "authorisations to interfere with property." Specifically with regards to the GCHQ, the bill states:

GCHQ can
'make use of' as well as 'monitor or interfere with electromagnetic, acoustic and other
emissions and any equipment producing such emissions and to obtain and provide
information derived from or related to such emissions or equipment and from encrypted
material'. This clarifies that GCHQ may, in the performance of its functions, make use of
communications services in the manner in which it was intended they would be used. This
could be used for public communications as well as for investigative purposes.

In fact, the draft is weirdly peppered with "case studies" about gangs, criminals, exploited children and more as if to scream out "WE'RE SPYING ON YOU FOR YOUR OWN GOOD AND THE CHILDREN, SO SUBMIT." This bill is not about protecting the public. It's about giving much more surveillance and spying power to the government. It's about fearmongering to get you to give up your privacy and safety so that the government can have more powers over the general public.

UK's Snooper's Charter Includes Mandatory Backdoors For Encryption
Mike Masnick, Wed, 4 Nov 2015 06:38:00 PST
https://www.techdirt.com/articles/20151104/00315432712/uks-snoopers-charter-includes-mandatory-backdoors-encryption.shtml

"backed down" on its demands for a Snooper's Charter. As we noted at the time, it did not appear they were backing down at all, but pulling out a bogus publicity campaign where they decided to "ditch" some absolutely crazy ideas that never really would have been included in the first place, but still leaving in plenty of terrible ideas.

And, now we know that includes mandatory backdoors into encryption -- a stupid and dangerous policy that will directly put UK citizens at risk. While, thankfully, those pushing for crypto backdoors in the US have realized that it's a politically untenable idea, the UK's new "Investigatory Powers Bill" has gone in the other direction, and will mandate encryption backdoors and ban any encryption offerings where there is no backdoor for law enforcement.

Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.

Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.

UK Prime Minister David Cameron and Home Secretary Theresa May will undoubtedly make a big show of this over the next few months, claiming that they need this to keep the public safe, but that's a load of hogwash. Backdooring encryption does the opposite. It puts everyone at serious risk. It's a technically dangerous solution by technically clueless people. If there are backdoors in encryption you are opening up a massive attack vector for those with malicious intent -- and that doesn't even get into the question of authorities abusing such powers. This has been explained over and over again, and it appears that Cameron's government simply decided to ignore all the technical experts and go with a "but they have to!" approach.

If you recognize the long history of governments using surveillance powers for nefarious reasons this should worry you. But even if you 100% trust the government, this should worry you, because what they're asking for, on a technological basis, is to make your information significantly less safe and much more open to hackers and online criminals.

A Home Office spokesman said: “The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.
“That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”

This belief that law enforcement needs this information to do its job is hogwash. For all of history prior to this, people have had methods of communicating entirely in secret, and since the dawn of civilization it was still possible to track down criminals and conspirators through traditional detective work. This belief that the content of these communications is absolutely necessary would seem to suggest that UK law enforcement is currently terrible at doing its job. I'd like to believe that's not true.

The big tech companies may now face a pretty big fight in the UK. Over the last few years, they've increasingly ramped up their efforts to provide more real privacy solutions that can actually protect your information. The UK wants to send things back to the stone age, and that's dangerous. Hopefully, companies like Apple -- which has made a big show of pushing non-backdoored-encryption -- take a stand here and refuse to give in. And, other tech companies that haven't been quite as vocal, including Google, Facebook, Microsoft and Twitter need to speak out against this, potentially to the point of threatening to pull out of the UK if the government doesn't adjust its policy. Without such a strong threat, it seems unlikely the UK government will recognize just how much danger they're putting the public in with this proposal.

UK Gov't Pretends That It's 'Backed Down' On Snooper's Charter
Mike Masnick, Mon, 2 Nov 2015 06:08:45 PST
https://www.techdirt.com/articles/20151101/22584232689/uk-govt-pretends-that-backed-down-snoopers-charter.shtml

totally Orwellian in pushing for a ridiculous "Snooper's Charter" that gave the government incredible snooping powers. David Cameron's speech in support of this contained a few incredible statements, including this: "For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone." Message read loud and clear: tolerance is over, Big Brother is here to smack you down for anything you say or do that it doesn't like.

Now, with the details finally set to come out, it appears that UK Home Secretary Theresa May is trying to soft pedal them, claiming that the government has been "forced to backtrack" on the plan, because they agreed to remove just a few of the most ridiculous aspects of the original plan.

In a statement, senior sources said that rather than increasing intrusive surveillance, the bill would bar police and security services from accessing people’s browsing histories – a power demanded by the security services – and that “any access to internet connection records will be strictly limited and targeted”.

They also revealed that ministers had ruled out plans to restrict or ban companies from encrypting material on the internet that had alarmed privacy and technology campaigners.

In what they said was a further change, ministers would not, as they had previously suggested, demand that UK communication service providers (CSPs) should capture and store internet traffic from companies based in the United States.

These are welcome changes, but they're fairly limited. "Restricting or banning" encryption was always a non-starter. The much bigger concern is requiring backdoors. And, also, as the Intercept's Ryan Gallagher points out, the claim of not keeping web browsing data is laughable, since GCHQ already does it.

Wired UK has an article detailing many of the other expected problems with the UK's proposal, so don't fall for the claim that the government is "backing down" on surveillance. It sounds like they just realized people were going to be pissed off and decided to pretend they had "backed down" by dropping a few of the really crazy aspects of the plan, while still planning to push through the rest.

UK Data Retention Snooping Law Thrown Out One Year Later
Mike Masnick, Fri, 17 Jul 2015 08:54:07 PDT
https://www.techdirt.com/articles/20150717/06570531668/uk-data-retention-snooping-law-thrown-out-one-year-later.shtml

rushed through a dangerous data retention bill, known as the Data Retention and Investigatory Powers Bill, or DRIP, with little debate. As soon as it became law, challenges were filed -- and now the UK's High Court has struck down the law. As you may also recall, the rush to pass DRIP was in response to an EU Court of Justice ruling that said widespread data retention violated privacy rules. And, rather than take the hint, the UK government used it as an excuse to try to just rewrite the rules to let them continue snooping on the public.

Not surprisingly, the current UK government (which has been looking to expand its snooping powers rather than limit them) has made it clear that it will appeal this ruling. Furthermore, the court is allowing the government until early next year to see if it can fix the law by itself:

The judges said that the first section of Dripa "does not lay down clear and precise rules providing for access to and use of communications data" and should be "disapplied".

But the judges said their order on disapplication should be suspended until after March 31 2016 "to give Parliament the opportunity to put matters right".

That's an interesting way of going about things: we see you've been violating the rights of the public for a year now, and so we'll give you another 9 months to do so and hope that during that time you'll figure out a way to maybe not violate the public's rights so much.

David Cameron Promises To Do Away With 'Safe Spaces' On The Internet
Mike Masnick, Thu, 2 Jul 2015 09:26:35 PDT
https://www.techdirt.com/articles/20150702/00134231524/david-cameron-promises-to-do-away-with-safe-spaces-internet.shtml

undermine all encryption on the internet. Later, some suggested he was looking more at undermining end point security. However, after being re-elected, and apparently believing that this gave him the mandate to go full Orwell, Cameron is making it clear that no one should ever have any privacy from government snoops ever.

Responding to a somewhat nonsensical question about if he believed the recent attacks in Tunisia meant that the big internet companies need to "understand that their current privacy policies are completely unsustainable?" Cameron insisted that the UK always needed to be able to read communications. It is, of course, not at all clear what the privacy policies of Google, Facebook and Twitter (the three named by the questioner) have to do with the price of tea in China, let alone the attacks in Tunisia, but... alas:

"We just want to ensure that terrorists do not have a safe space in which to communicate. That is the challenge, and it is a challenge that will come in front of the House.

"We have always been able, on the authority of the home secretary, to sign a warrant and intercept a phone call, a mobile phone call or other media communications, but the question we must ask ourselves is whether, as technology develops, we are content to leave a safe space—a new means of communication—for terrorists to communicate with each other.

"My answer is no, we should not be, which means that we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on."

Of course, he also insisted that you regular people shouldn't worry:

"Britain is not a state that is trying to search through everybody’s emails and invade their privacy..."

Except, well, it is. This whole thing seems to be based on the idea that it's blatantly obvious who is a "terrorist" and who is a good citizen of the UK. Cameron can't really be so naive as to think that "terrorists" are somehow easily differentiated from everyday people, can he? Then again, this is the same guy who once pushed for this Snooper's Charter by talking about how fictional TV crime dramas proved it would be a useful tool.

This is extremely troubling. Cameron's desire to undermine encryption is dangerous for the privacy and security of everyone, especially those in the UK that Cameron is supposed to be helping to protect, because lots of people really do need "safe spaces in which to communicate." The only way to take those away for "terrorists" is to take them away for everyone, and that means not just for the purpose of government snooping, but for others as well. Introducing backdoors breaks security and makes everyone much, much, much more vulnerable to all sorts of attacks.

And, again, this is the same guy who said:

For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone.... This government will conclusively turn the page on this failed approach.

Does that really sound like someone who will only use such snooping powers to track down terrorists? He's blatantly admitting that he will use it against law abiding citizens, admitting that merely "obeying the law" should not leave you free from being hassled by the government.

These kinds of statements are cartoonishly evil. They're the kind of ridiculous statements one would have hoped you'd only see in late night fictional TV dramas, not coming from an actually elected leader of a major western power.

Berners-Lee Urges Britons To Fight The Snooper's Charter, But For One UK Tech Company It's Too Late
Glyn Moody, Fri, 5 Jun 2015 01:20:50 PDT
https://www.techdirt.com/articles/20150603/10525231208/berners-lee-urges-britons-to-fight-snoopers-charter-one-uk-tech-company-too-late.shtml

Tim Berners-Lee not only made the Web happen (and gave it away for free), he has continued to defend his creation and its users from various attacks. As Techdirt has reported, he's stood up for net neutrality, condemned NSA surveillance and called for a bill of rights for online users (although he's not always on the side of the angels….) Now he's added his voice to those warning about the UK's Snooper's Charter, soon to be resurrected, as The Guardian reports:

Tim Berners-Lee, the inventor of the world wide web, has urged Britons to fight the government's plans to extend the country's surveillance powers, and act as a worldwide leader for promoting good governance on the web.

Berners-Lee is probably being too optimistic about the likelihood that the UK government will suddenly come to its senses, pull back from going full Orwell, and turn into a shining example to others. After all:

"It has lost a lot of that moral high ground, when people saw that GCHQ was doing things that even the Americans weren't," Berners-Lee said. "So now I think, if Britain is going to establish a leadership situation, it's going to need to say: 'We have solid rules of privacy, which you as an individual can be assured of, and that you as a company can be assured of'."

The economic argument that online businesses need an environment in which privacy is respected, is probably one of the few that David Cameron might listen to. As Berners-Lee notes, if a tech startup can't promise potential users basic protection for their personal data, then its product is seriously hobbled before it's even launched. That means that once the Snooper's Charter is in place -- assuming there is no rebellion by freedom-loving Conservative MPs when it comes to the vote -- people will think twice about choosing the UK as the base for a new tech company. In fact, people have already started leaving because of what the Snooper's Charter will do to their businesses:

Last week, less than one quarter of the electorate in the United Kingdom voted to give the Conservatives a 12-seat majority parliament. To those of you who voted Tory, I say great job: you're the reason Ind.ie (and thus Laura, Jo, and myself) are leaving the United Kingdom.

That comes from Aral Balkan, a well-known developer in the UK, who put the Snooper's Charter as one of four key reasons why he and his team at ind.ie will be seeking another country that still values freedom and privacy. Sadly, it seems more likely that others will decide to follow their example than that the UK government will heed Berners-Lee's warning and change direction here.

UK Government Goes Full Orwell: Snooper's Charter, Encryption Backdoors, Free Speech Suppression
Mike Masnick, Thu, 28 May 2015 09:28:52 PDT
https://www.techdirt.com/articles/20150528/07001931137/uk-government-goes-full-orwell-snoopers-charter-encryption-backdoors-free-speech-suppression.shtml

1984 was a warning, not a 'how to' manual." But that joke is increasingly less funny as the UK really seems to be doing everything it can to put in place Orwell's fictitious vision -- just a few decades later. Right after the election a few weeks ago, we noted the government's plan to push forward with its "extremist disruption orders" (as had been promised). The basic idea is that if the government doesn't like what you're saying, it can define your statements as "extremist" and make them criminal. Prime Minister David Cameron did his best Orwell in flat out stating that the idea was to use these to go after people who were obeying the law and then arguing that the UK needed to suppress free speech... in the name of protecting free speech. Really.

For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone. It’s often meant we have stood neutral between different values. And that’s helped foster a narrative of extremism and grievance.

This government will conclusively turn the page on this failed approach. As the party of one nation, we will govern as one nation and bring our country together. That means actively promoting certain values.

Freedom of speech. Freedom of worship. Democracy. The rule of law. Equal rights regardless of race, gender or sexuality.

We must say to our citizens: this is what defines us as a society.

It's a fairly amazing speech where Cameron can -- within just a few sentences -- both argue for the rule of law and that obeying the rule of law should not keep you out of trouble.

Earlier this week, the Queen gave her traditional "Queen's Speech" which lays out the legislative agenda for the new Parliament, and it went quickly down the Orwellian path as well. Apparently, suppressing free speech and civil liberties will be done in the name of mandatory "social cohesion."

Measures will also be brought forward to promote social cohesion and protect people by tackling extremism. New legislation will modernise the law on communications data, improve the law on policing and criminal justice, and ban the new generation of psychoactive drugs.

That first sentence is about the extremism orders, but the second part may be even more troubling. It's the Queen making it clear that the Snooper's Charter is returning -- but even worse than before. If you don't recall, the UK government has been trying to pass this bill that would grant the government massive surveillance powers. David Cameron insists this is necessary because he's seen it work on fictional crime shows that he watches on TV (really). The last major attempt to push this through failed thanks to then Deputy Prime Minister Nick Clegg blocking it. But with Clegg out of the way following the last election, the government is going for the gold in pushing for an even broader Snooper's Charter including mandatory backdoors into encryption:

In a surprise move, the government is to introduce an investigatory powers bill far more wide-ranging than expected. The legislation will include not only the expected snooper’s charter, enabling the tracking of everyone’s web and social media use, but also moves to strengthen the security services’ warranted powers for the bulk interception of the content of communications.

Of course, as we've been discussing for quite some time now, such backdoors into encryption are monumentally stupid and counterproductive. They weaken the security and privacy of everyone. And, of course, we've already discussed how once one country demands its own backdoors, others will want them as well. And, of course, such backdoors always come back to bite everyone by opening up avenues for malicious and nefarious attacks -- no matter how often law enforcement insists that it can keep things safe. You are, by definition, opening up a vulnerability. And it will lead to less safety and security.

Less Than A Week After Failing Last Attempt, UK Lords Try To Sneak Through Snooper's Charter Once Again
Mike Masnick, Mon, 2 Feb 2015 02:02:10 PST
https://www.techdirt.com/articles/20150131/06385429867/less-than-week-after-failing-last-attempt-uk-lords-try-to-sneak-through-snoopers-charter-once-again.shtml

rush through the "Snooper's Charter" that had previously been rejected by the UK. The bill, of course, was about giving the government tremendous levels of access to everyone's electronic data with little oversight. Thankfully, despite having little notice, the attempt caused a flurry of attention and the Lords were forced to back off the plan. It seemed like another good "win" for supporters of privacy and democracy.

Many people still expected the UK government to try again, but few expected it would happen so soon. Yes, less than a week after having the last attempt rejected vocally, the same group of Lords are trying yet again:

On Saturday, ahead of a “report stage” debate on Monday (the Counter-Terrorism and Security Bill is almost fully baked), Lords West, Blair, Carlile and King introduced a new amendment that appears to be almost identical to the last, and to the Communications Data Bill before it.

Again, this new amendment would force “telecommunications operators” – which these days includes the likes of Facebook and Skype, as well as traditional telcos – to store communications metadata for up to a year and hand it over to U.K. authorities when requested. This data retention regime may require the providers to install “specified equipment or systems.”

As David Meyer at GigaOm notes, just as with the last time, this bill lets any "relevant public authority" get access to the data, meaning that such data will be widely accessed and almost certainly widely abused as well. It appears that there are only very minor cosmetic changes between what was proposed and rejected last week and what has been proposed this week. Of course, it won't surprise you to learn the backgrounds of those pushing for this information:

The four peers in question all come from the security establishment — a former Metropolitan Police commissioner (Blair), a former secretary of defense (King), a former minister for security and counter-terrorism (West), and a former government anti-terror adviser (Carlile).

Meyer also quotes Lord King saying that he doesn't know about or understand the various new social media services like WhatsApp and SnapChat, "but what is absolutely clear is that the terrorists and jihadists do" -- which is why he thinks the Snooper's Charter is needed. In other words, he admits his own ignorance, but doesn't seem to care, because he is ruled by irrational fear. That does not seem like a particularly intelligent way to govern or to legislate.

UK Legislators Hoping To Rush Through New 'Snooper's Charter' In The Wake Of The Charlie Hebdo Attacks
Tim Cushing, Mon, 26 Jan 2015 01:39:22 PST
https://www.techdirt.com/articles/20150124/08503529800/uk-legislators-hoping-to-rush-through-new-snoopers-charter-wake-charlie-hebdo-attacks.shtml

The UK legislators, law enforcement agencies and intelligence services looking to expand the government's surveillance programs got a big boost from the attack on Charlie Hebdo. This violent attempt to place extremist religious ideology ahead of free speech was twisted by many into justification for expanded government powers. Prime Minister David Cameron even went so far as to suggest that no citizen's communications should be beyond the government's reach.

This unexpected boost has propelled a raft of new amendments to the UK's so-called "Snooper's Charter," a once-rejected bill (Communications Data Bill) that would hand over ISP subscriber data to the government without a warrant. The amendments try to paper over the obvious flaws in the proposed legislation, limiting the use of this data to law enforcement and intelligence services only. (The previous version allowed several other government agencies to dip their toes into the data stream.)

The privacy protections are still insufficient and the wording is still vague, but those supporting this bill are hoping the recent terrorist attack -- combined with a very short time frame -- will help them guide this past the opposition, as the EFF points out.

Directly after the Charlie Hebdo massacre, we cautioned the public and politicians to be "wary of any attempt to rush through new surveillance and law enforcement powers." With depressing predictability, we've already seen that happen across the continent. Nowhere, however, has the attempt to bypass democratic debate been more blatant than in the United Kingdom, where a handful of unelected peers has taken the language of an old and discredited Internet surveillance proposal, and attempted to slam it, at outrageously short notice, into the wording of a near-complete counter-terrorism bill.

The result is that, unless you take action to warn Britain's House of Lords in time for the debate on Monday, there is a good chance that Britain will pass the infamous Snooper's Charter into law with barely any oversight.

Over the weekend, EFF supporters have taken action, and as the amended snooping bill hits the floor today, hopefully it will be met with increased resistance. But its supporters have done everything they can to prevent any examination of the proposed amendments by dropping the new wording off on Thursday and pushing for a simple "up/down" vote on Monday. This rush job indicates the amended bill won't stand up to scrutiny -- something its supporters are hoping to avoid by giving those voting a brief chance to glance at the new wording before being asked to push the bill forward.

The EFF has provided contact information for UK legislators, noting that certain methods may be more effective given the shortened time frame.

If you're a British citizen, you need to tell the members of the House of Lords that their right to analyze and discuss this legislation is being bypassed. We've set up an action alert for UK Internet users, so that you can send messages to the Twitter accounts of UK peers (you would be surprised how many British Lords use Twitter). You can also write to members of the House of Lords through the free service WriteToThem.com, but given the time frame, tweeting or phone calls are much better.

Twisting an attack on free speech into a call for more surveillance is most governments' standard MO. The UK is no exception. But this is never the right response to terrorist activity, especially when the end result will be a chilling effect on free speech -- making this bill's outcome indistinguishable from the attackers' aims.

As Feared, UK Data Retention Act Passed In Record Time; Fight Back Has Already Begun
Glyn Moody | Fri, 18 Jul 2014 15:35:49 PDT
https://www.techdirt.com/articles/20140718/04591927924/as-feared-uk-data-retention-act-passed-record-time-fight-back-has-already-begun.shtml

rammed through the British Parliament in record time. As feared, that has happened, and the Data Retention and Investigatory Powers Bill -- DRIP to its friends -- has received the Royal Assent and is now law in the UK. That's the bad news; the good news is that the fight back has already begun. Today, the UK's Open Rights Group (ORG) announced that it would be challenging DRIP in the courts:

Whilst Parliament swallowed Theresa May’s tired arguments that "terrorist plots will go undetected" and "these are powers and capabilities that exist today", she failed to make a compelling argument that holding everyone's data is necessary and proportionate. Frankly, the Government was evasive and duplicitous, and they were in a hurry to cover their tracks.

Tom Watson MP described the process as "democratic banditry, resonant of a rogue state. The people who put this shady deal together should be ashamed."

And the European Court's decision was very clear: blanket data retention is unlawful and violates the right to privacy.

The courts will have the final say on whether DRIP breaches human rights. And no matter what David Cameron believes, the UK has international obligations. The European Convention on Human Rights, the European Charter of Fundamental Rights and our own Human Rights Act -- all exist to defend our rights and are where we will be able to challenge DRIP.

As the controversial Data Retention and Investigation Powers Bill (DRIP) slips its way through the House of Commons and into the House of Lords, the outspoken boss of broadband ISP Andrews & Arnold (AAISP), Adrian Kennard, has promised to use "all practical legal means" in order to protect their customers from state sponsored Internet snooping.

Now, that may just be one ISP, but the example of iiNet in Australia, which has been fighting on behalf of its users there for years, shows what can be done. It would be nice if more UK ISPs did the same, but even if they don't, it's likely that others will join the fight against DRIP and its undemocratic passage through the UK Parliament, given the outrage this has caused -- in some quarters, at least.

David Cameron Says Snooper's Charter Is Necessary Because Fictional Crime Dramas He Watches Prove It
Mike Masnick | Fri, 31 Jan 2014 10:57:00 PST
https://www.techdirt.com/articles/20140131/09523326059/david-cameron-says-snoopers-charter-is-necessary-because-fictional-crime-dramas-he-watches-prove-it.shtml

"snooper's charter" in the UK -- a system to further legalize the government's ability to spy on pretty much all communications. It was setting up basically a total surveillance system, even beyond what we've since learned is already being done today. Thankfully, that plan was killed off by Deputy Prime Minister Nick Clegg.

However, Prime Minister David Cameron is back to pushing for the snooper's charter -- and his reasoning is as stupid as it is unbelievable. Apparently, he thinks it's necessary because the fictional crime dramas he watches on TV show why it's necessary. I am not joking, even though I wish I was:

In the most serious crimes [such as] child abduction communications data... is absolutely vital. I love watching, as I probably should stop telling people, crime dramas on the television. There's hardly a crime drama where a crime is solved without using the data of a mobile communications device.

What we have to explain to people is that... if we don't modernise the practice and the law, over time we will have the communications data to solve these horrible crimes on a shrinking proportion of the total use of devices and that is a real problem for keeping people safe.

Yes, he just said that. Because fictional characters on crime drama TV shows make use of data, that's somehow proof that it's necessary. Perhaps someone can send Cameron a copy of Enemy of the State or any other fictional work showing how the government can abuse such information. Or, better yet, let's have our side stick with reality, and we can just point to real historical events of governments abusing such information.

Facebook, Google, Microsoft, Twitter And Yahoo Refuse To Cooperate With UK's 'Snooper's Charter'
Glyn Moody | Fri, 31 May 2013 18:35:00 PDT
https://www.techdirt.com/articles/20130531/03421623271/facebook-google-microsoft-twitter-yahoo-refuse-to-cooperate-with-uks-snoopers-charter.shtml

A month ago, we wrote about how the UK's infamous "Snooper's Charter" had been scuppered by Nick Clegg, the UK's Deputy Prime Minister. The Guardian now reveals that top Internet companies may have played a key role in this decision:

The five biggest internet companies in the world, including Google and Facebook, have privately delivered a thinly veiled warning to the home secretary, Theresa May, that they will not voluntarily co-operate with the "snooper's charter".

In a leaked letter to the home secretary that is also signed by Twitter, Microsoft and Yahoo!, the web's "big five" say that May's rewritten proposals to track everybody's email, internet and social media use remain "expensive to implement and highly contentious".

In the letter, originally posted online by the Guardian, but now taken down for some reason, the Internet companies write:

Although it seems that the revised Bill will address some of the concerns we and others raised in evidence to that [Parliamentary] Committee, we expect that the core premise of the Bill -- to create a new form of retention order for the data of UK-based users of communications services -- will remain highly contentious.

…

However, we also do not want there to be any doubt about the strength of our concerns in respect of the idea the UK government would seek to impose an order on a company in respect of services which are offered by service providers outside the UK.

The letter rather pointedly invokes efforts to promote online freedom around the world:

The UK Foreign and Commonwealth Office in particular has played a leading role in promoting the value of freedom of expression on the Internet on the global stage. This freedom of expression is intimately linked to the fact that the Internet services are offered globally unlike traditional media channels, which may be under different degrees of state control in many parts of the world. Key to being able to offer a global Internet service is the understanding that the service provider can work primarily within the legal framework of its home jurisdiction.

It then paints a picture of what might happen if other countries brought in their own Snooper's Charter:

Service providers like ours can and do make reasonable accommodations to reflect local concerns and legal requirements including in the UK. But this is very different from a chaotic world within which every country seeks to impose potentially conflicting requirements on a global service provider in sensitive areas like the retention of personal data.

As the Guardian article explains:

The companies also detail an alternative approach to extend existing arrangements for them to meet the requests for personal data from the police and security services, including a new UK-US bilateral initiative to make the process faster and more efficient.

The letter concludes:

The Internet is still a relatively young technology. It brings enormous benefits to citizens everywhere and is a great force for economic and social development. The UK has rightly positioned itself as a leading digital nation. There are risks in legislating too early in this fast-moving area that can be as significant as the risks of legislating too late. We would urge you to follow the approach we have outlined above and see how far the needs of UK law enforcement can be met by improving existing legal instruments and treaties before making significant legislative changes.

This is a pretty significant move, underlined by the fact that traditional rivals have come together to form a common front against the UK government. If companies like Facebook, Google, Microsoft, Yahoo and Twitter refuse to cooperate with the UK's surveillance plans, it will make the scheme much more difficult to operate, particularly when it comes to spying on encrypted data streams.

Digital Surveillance Report Exposes Short-Sightedness In UK Law-Making And Shows The Way Forward
Ben Zevenbergen | Thu, 2 May 2013 05:26:00 PDT
https://www.techdirt.com/articles/20130501/05454922906/digital-surveillance-report-exposes-short-sightedness-uk-law-making-shows-way-forward.shtml

If you were to believe the UK government, there are two types of people. In the one category, you have law-abiding citizens whose every movement, communication and social network activity must be monitored and digitally analyzed to keep them at bay, for their own good. In the other category, you have murderers, pedophiles and terrorists. If you object to belonging to the first category, you must therefore be part of the other, or at least a partner in crime of the scoundrels identified in category two. This would be so according to the unbelievably backward rhetoric of parts of the UK government not too long ago. To make sure society runs smoothly, the government devised the Communications Data Bill, a.k.a. “Snooper’s Charter”, which would enable mass surveillance of digital communications.

As Glyn Moody noted, the Snooper’s Charter has been declared effectively dead after Liberal Democrat leader Nick Clegg announced his party would not support the Bill after some heavy scrutiny by two critical parliamentary committees. The debate on digital surveillance is far from over, however, as several sectors of law enforcement will continue to push for ubiquitous interception, because it is ‘useful’. Of course, conveniently forgetting about proportionality when dreaming up laws to use or control digital technology has become an all too common thread worldwide.

The UK Open Rights Group, an EFF sister organization, has released a report and a series of particularly funny videos to put an end to the Snooper’s Charter, and also to inform policy makers and the public at large about how the discussion about digital surveillance should be held (disclaimer: I helped compile this report).

In the report, twelve experts from different fields explain clearly how and why digital surveillance has come about, what its intent is, and why mass surveillance such as that proposed by the Snooper’s Charter is probably the worst possible next step to take, considering the ability of current technology to effectively monitor everyone and everything.

“The manner in which the new Bill has been introduced and managed, fall full square within long British historical precedents that position privacy rights as an irritant to be managed by a combination of concealment, secrecy, information management, and misinformation.”

One of the most notable features of the Snooper’s Charter is the de facto centralized search engine – or “Filter” – which scours several public and private datasets to analyze communications in-depth. Cambridge University computer scientist Richard Clayton explains:

“It is fundamentally inherent to this proposal that Filter data should be collected on everyone’s activity and that this data should be made available en masse from the private companies, the Internet Services Providers and telephone companies that provide services, to government systems for the correlation processing.”

“It ought to be obvious that continuously recording the pattern of interactions of every online social relationship, and analyzing them with the “Filter”, is simply tyrannical.”

Rachel Robinson from “Liberty”, the National Council for Civil Liberties, considers what this type of surveillance will likely lead to:

“If the present proposals for the collection of communications data become law, proposals for other types of blanket or random surveillance irrespective of suspicion “just in case” are a logical next step.”

Professor Peter Sommer explains one of the underlying problems:

“Legislators need knowledge of the technical capabilities of surveillance technologies” because: “The legal words need to reflect the reality of how the technology works.”

“Equating the Internet with historical technologies when making policy is not simply wrong, it is dangerously misleading.”

Together with Professor Emmenthal below, policy makers should finally start realizing that “technology’s interaction with the social ecology is such that technical developments frequently have environmental, social, and human consequences that go far beyond the immediate purposes of the technical devices and practices themselves […]” (Kranzberg, 1986). Fortunately, the Open Rights Group established 10 clear recommendations to continue the discussion on digital surveillance law, which will also be applicable in other countries.

UK 'Snooper's Charter' Torn Up; Now What?
Glyn Moody | Thu, 25 Apr 2013 09:32:00 PDT
https://www.techdirt.com/articles/20130425/02375422830/uk-snoopers-charter-torn-up-now-what.shtml

Since the UK government published the draft version of its Communications Data Bill -- better known as the "snooper's charter" -- with plans to store data about every British citizen's emails, mobile calls and visits to Web sites, there has been almost total opposition to it from everyone else. Indeed, there has been growing resistance even within the UK government's ranks, largely from the smaller of the coalition partners, the Liberal Democrats. Here's what the party's leader and Deputy Prime Minister, Nick Clegg, has been up to, as described by one of the Liberal Democrat MPs, Julian Huppert:

Nick refused to allow the Bill to go ahead, and forced the Home Office to publish the Bill as a draft, allowing us all to see what the Home Office were planning. Nick appointed Paul Strasburger and I onto a Committee to scrutinise it in detail. We went through the evidence, heard from many experts and published a cross-party report. This was damning of the Home Office proposals -- it unanimously described some of the Home Office information as 'fanciful and misleading'.

Following Nick's intervention and our report, the Home Office was given the chance to rethink. To build a proper case and look for proposals which were proportionate to the problem.

However, instead of trying to answer the huge range of criticisms of the proposed Bill, the Home Office simply insisted that such an intrusive system of surveillance was needed. As a result:

Nick has just this morning announced that he has killed off the Data Communications Bill, dubbed the "snooper’s charter".

By withdrawing the support of the Liberal Democrats, Clegg makes it practically impossible to pass the Bill, since the UK government will lack the requisite majority to push it through. However, this is by no means the end of the story.

Clegg will be under huge pressure from the Prime Minister, David Cameron, and his Conservative party colleagues, to agree to some slightly watered-down proposals. Cameron will doubtless invoke all the usual reasons -- tackling terrorism, paedophiles, organized crime etc. -- knowing that this plays well with enough of the electorate that Clegg won't be able to ignore it completely. So we can probably expect to see new plans in due course. The question then becomes to what extent they address the huge flaws in the original snooper's charter, and whether they represent an approach that is truly "proportionate to the problem", as the cross-party report puts it. If they don't, the battle will doubtless begin again.

Over 19,000 Emails Sent Concerning UK 'Snooper's Charter' -- Not A Single One In Support Of It
Mike Masnick | Fri, 12 Oct 2012 09:33:30 PDT
https://www.techdirt.com/articles/20121012/02471120688/over-19000-emails-sent-concerning-uk-snoopers-charter-not-single-one-support-it.shtml

"Snooper's Charter" in the UK. It was a draft Communications Bill that had some ridiculous surveillance measures, such as data retention by ISPs on all emails. There was an open comment period, and apparently over 19,000 emails were sent in. And, it turns out, the score was over 19,000... to zero. Yes, not a single comment submitted in support of the bill. From the Joint Parliamentary Committee:

... we have not seen a single email supporting the draft Communications Data Bill, or even agreeing that there may be a case for the security services and law enforcement agencies having greater access to communications data than they do at present.

While many of the emails received were generated from organizations opposed to the bill, you'd think that someone out there would be in favor of it. At the very least, hopefully this leads to a pretty big rethinking of the effort.